A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 03 August 2006.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-25 is/are pending in the application.
4a) Of the above claim(s) is/are withdrawn from consideration.
5) [ ] Claim(s) is/are allowed.
6) [X] Claim(s) 1-25 is/are rejected.
7) [ ] Claim(s) is/are objected to.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

DETAILED ACTION

Response to Amendment 
1. This is in response to Applicant(s) arguments submitted on 8/03/06.

The following is the current status of claims: 
Claims 1-25 remain pending for examination. 

Response to Applicant Remarks 
Applicant's arguments filed 3/29/06 have been fully considered but they are not persuasive for the 
following reasons, see sections I and II. 

Claim Rejections - 35 USC § 103 

I. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of 
this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter 
as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Pat. No. 
6,505,192 issued to Godwin et al., ("Godwin") in view of U.S. Pub. No. 2003/0028585 issued to Yeager et 
al., ("Yeager").

As per claim 1, Godwin discloses "a searching method for a Security Policy Database" (i.e., Ipsec 
processing (searching) in a security policy database; see col. 5, lines 42-45) comprising: 

"wherein the peer table includes fields of peer identification, address, prefix, and type" (i.e., type;
see col. 9, line 3); 

"building a set of peer-based Security Policy Database composed of a plurality of peer-based 
Security Policy Databases" (i.e., network security processing multiple nodes (databases) by accepting 
packets with Ipsec; see col. 5, lines 29-40 and Fig. 1); 

"searching the peer table" (i.e., locating the applicable security association into a hash table; see
col. 6, lines 47-60); and 

"searching the peer table" (i.e., searching table; see col. 12, lines 47-48), and "then comparing
the Security Policy Database set with the field of address of the peer table" (i.e., packet comparing to 
security specified in the matching rule; see col. 7, lines 17-20) "so as to obtain a corresponding peer- 
based Security Policy Database" (i.e., searching the IP to determine the applicable security association 
(security policy); see col. 6, lines 47-62). Godwin fails to explicitly disclose building a peer table.
However, Yeager discloses building a peer table (see Yeager [0109]). It would have been obvious to a
person of ordinary skill in the art at the time the invention was made to modify the method of Godwin by
building the peer table as disclosed by Yeager (see Yeager [0123]). Such a modification would allow the
method of Godwin to provide mechanisms for feeding back trust information to other peers (see Yeager
[0015], lines 10-13), therefore improving the performance and manageability of the searching method for 
a security policy database. 

As per claim 2, in addition to claim 1, Godwin fails to explicitly disclose building at least two data
in the peer table according to a peer gateway; according to one set of peer gateway, at least two sets of 
data are built in the peer table. However, Yeager discloses building a peer table (see Yeager [0109]). It 
would have been obvious to a person of ordinary skill in the art at the time the invention was made to 
modify the method of Godwin by building the peer table as disclosed by Yeager (see Yeager [0123]).
Such a modification would allow the method of Godwin to provide mechanisms for feeding back trust
information to other peers (see Yeager [0015], lines 10-13), therefore improving the performance and 
manageability of the searching method for a security policy database. 

As per claim 3, in addition to claim 1, Godwin further discloses "one of the two data is an internal
network/local area network (LAN) data" (see col. 5, lines 54-56), "the other is an external network/wide 
area network (WAN) data" (see col. 5, lines 31-34 and Fig. 1); "one of the two sets of data is a set of 
internal network/local area network (LAN) data and the other is a set of external network/wide area 
network (WAN) data" (i.e., network interconnecting nodes for sending and receiving (two sets) packet;
see col. 5, lines 31-34). 

As per claim 4, in addition to claim 1, Godwin further discloses "an address" (see col. 6, lines 35-36),
"the address is a network address" (i.e., IP address; see col. 2, line 62); "the type is an internal
network/local area network (LAN) section type, an external network/wide area network (WAN) address or 
both" (i.e., network interconnecting nodes for sending and receiving (two sets) packet; see col. 5, lines 
31-34). Godwin fails to explicitly disclose peer identification, a type and a prefix; the peer identification
represents the peer gateway; the prefix is the number of the bits for comparing the address. However, 
Yeager discloses a peer identification, a type and a prefix; the peer identification represents the peer 
gateway; the prefix is the number of the bits for comparing the address (see Yeager [0118] & [0116]). It 
would have been obvious to a person of ordinary skill in the art at the time the invention was made to 
modify the method of Godwin by a peer identification, a type and a prefix; the peer identification
represents the peer gateway; the prefix is the number of the bits for comparing the address as disclosed 
by Yeager (see Yeager [0201]). Such a modification would allow the method of Godwin to provide
mechanisms for feeding back trust information to other peers (see Yeager [0015], lines 10-13), therefore 
improving the performance and manageability of the searching method for a security policy database. 

As per claim 5, Godwin discloses "the address included in the internal network/local area
network (LAN) data is an internal network/local area network (LAN) section" (i.e., network interconnecting 
nodes for sending and receiving (two sets) packet; see col. 5, lines 31-34). 

As per claim 6, Godwin discloses "the address included in the external network/wide area
network (WAN) data is an external network/wide area network (WAN) address" (i.e., network 
interconnecting nodes (WAN) for sending and receiving (two sets) packet; see col. 5, lines 31-34). 



Application/Control Number: 10/720,074
Art Unit: 2162

As per claim 7, in addition to claim 1, Godwin fails to explicitly disclose the peer identification is
0, the address is 0, the type is B, and the prefix is 0. However, Yeager discloses the peer identification is 
0, the address is 0, the type is B, and the prefix is 0 (see Yeager [0118] & [0116]). It would have been 
obvious to a person of ordinary skill in the art at the time the invention was made to modify the method of
Godwin by the peer identification is 0, the address is 0, the type is B, and the prefix is 0 as disclosed by
Yeager (see Yeager [0201]). Such a modification would allow the method of Godwin to provide
mechanisms for feeding back trust information to other peers (see Yeager [0015], lines 10-13), therefore 
improving the performance and manageability of the searching method for a security policy database. 

As per claims 8 and 9, the limitations of claims 8 and 9 are rejected in the analysis of claims 1 
and 4, therefore, these are rejected on that basis. 

As per claim 10, in addition to claim 8, Godwin further discloses "the selector is a source
address or a destination address" (i.e., destination IP address; see col. 2, line 62). 

As per claim 11, the limitations of claim 11 are rejected in the analysis of claim 9, and this claim is
rejected on that basis. 

As per claim 12, in addition to claim 1, Godwin further discloses "a method for adding-in a
security policy, the method comprises: adding the security policy in the set of peer-based Security Policy 
Database according to a selector" (i.e., permitted with Ipsec processing (packet), in a security policy 
database; see col. 5, lines 42-45). 

As per claim 13, Godwin discloses "the selector is a source address or destination address" (i.e.,
destination IP address; see col. 2, line 62).

As per claim 14, in addition to claim 1, Godwin further discloses "a method for deleting a security
policy, the method comprises: deleting the security policy from the set of peer-based Security Policy 
Database according to a selector" (i.e., denied permitted without Ipsec processing (packet), in a security 
policy database; see col. 5, lines 42-45). 

As per claim 15, Godwin discloses "the selector is a source address or destination address" (i.e.,
destination IP address; see col. 2, line 62). 

As per claim 16, in addition to claim 1, Godwin further discloses "comparing a packet and the
peer table" (i.e., matching packet in a security policy database; see col. 5, lines 42-45).

As per claim 17, Godwin discloses "the packet is an inbound IPsec packet in tunnel mode; the
comparing step is used for comparing the source address of the outer header of the inbound IPSec 
packet in tunnel mode" (i.e., outgoing packet and incoming packet to nodes with Ipsec processing 
determining the matching of packets in a security policy database; see col. 5, lines 29-41) and "the 
external network/wide area network (WAN) address of the peer table" (i.e., network interconnecting nodes 
(WAN) for sending and receiving (two sets) packet; see col. 5, lines 29-34). 

As per claim 18, Godwin discloses "the packet is an inbound IPSec packet in transport mode;
the comparing step is used for comparing the source address of the inbound IPsec packet in transport 
mode" (i.e., outgoing packet and incoming packet to nodes with Ipsec processing determining the 
matching of packets in a security policy database; see col. 5, lines 29-41) and "the external network/wide 
area network (WAN) address of the peer table" (i.e., network interconnecting nodes (WAN) for sending 
and receiving (two sets) packet; see col. 5, lines 29-34). 

As per claim 19, Godwin discloses "the packet is an inbound IP packet; the comparing step is
used for comparing the source address of the inbound IP packet" (i.e., outgoing packet and incoming 
packet to nodes with Ipsec processing determining the matching of packets in a security policy database; 
see col. 5, lines 29-41) "with the internal network/local area network (LAN) section of the peer table" (i.e., 
network interconnecting nodes (WAN) for sending and receiving (two sets) packet; see col. 5, lines 29- 
34). 

As per claim 20, Godwin discloses "the packet is an outbound IP packet; the comparing step is
used for comparing the destination address of the outbound IP packet" (i.e., outgoing packet and 
incoming packet to nodes with Ipsec processing determining the matching of packets in a security policy 
database; see col. 5, lines 29-41) "with the internal network/local area network (LAN) section of the peer 
table" (i.e., network interconnecting nodes (WAN) for sending and receiving (two sets) packet; see col. 5, 
lines 29-34). 

As per claim 21, Godwin further discloses "comparing a packet and the peer-based Security
Policy Database" (i.e., outgoing packet and incoming packet to nodes with Ipsec processing determining 
the matching of packets in a security policy database; see col. 5, lines 29-41). 

As per claim 22, Godwin discloses "the packet is an inbound IPsec packet in tunnel mode; the
comparing step is used for comparing the inner header of the inbound IPsec packet in tunnel mode with 
the selector of the security policy of the peer-based Security Policy Database" (i.e., determining if an 
incoming packet contains an authentication header and a security association must be identified to 
determine how to authenticate the packet and determining if the matching rule requires that Ipsec 
processing be applied; see col. 6, line 50 to col. 7, line 7 and Figs. 3 and 7). 

As per claim 23, Godwin discloses "the packet is an inbound IPsec packet in transport mode;
the comparing step is used for comparing the header of the inbound IPsec packet in transport mode with 
the selector of the security policy of the peer-based Security Policy Database" (i.e., determining if an 
incoming packet contains an authentication header and a security association must be identified to 
determine how to authenticate the packet and determining if the matching rule requires that Ipsec 
processing be applied; see col. 6, line 50 to col. 7, line 7 and Figs. 3 and 7). 

As per claim 24, Godwin discloses "the packet is an inbound IP packet; the comparing step is
used for comparing the header of the inbound IP packet with the selector of the security policy of the 
peer-based Security Policy Database" (i.e., determining if an incoming packet contains an authentication 
header and a security association must be identified to determine how to authenticate the packet and 
determining if the matching rule requires that Ipsec processing be applied; see col. 6, line 50 to col. 7, line 
7 and Figs. 3 and 7). 

As per claim 25, Godwin discloses "the packet is an outbound IP packet; the comparing step is
used for comparing the header of the outbound IP packet with the selector of the security policy of the 
peer-based Security Policy Database" (i.e., determining if the outgoing packet contains security and 
determining the match and building the appropriate security header; see col. 9, lines 37-65 and Fig. 8). 

II. Applicant's arguments, filed 8/03/06, with respect to claims 1-25 have been fully considered but
have been found persuasive only to the extent that the prior art of record does not specifically teach the
limitations "building a peer table". However, Yeager discloses such limitations.

The instant application relates to Internet Protocol Security (IPSec), and particularly,
to a searching method for a Security Policy Database (SPD); see page 1, lines 4-5. Godwin relates to
IPsec; see col. 1, lines 6-25. Harvey relates to peer-to-peer network (P2P); (see Harvey [0003]). Thus, the
combination of Godwin and Harvey discloses the claimed limitations. 

Further, claim recites alternatives in a format such as "selected from the group consisting of A, B
and C." See Ex parte Markush, 1925 C.D. 126 (Comm'r Pat. 1925).

MPEP 2111: During patent examination, the pending claims must be "given the broadest
reasonable interpretation consistent with the specification." Applicant always has the opportunity to amend
the claims during prosecution and broad interpretation by the examiner reduces the possibility that the
claim, once issued, will be interpreted more broadly than is justified. In re Prater, 162 USPQ 541,550-51 
(CCPA 1969). The court found that applicant was advocating ... the impermissible importation of subject 
matter from the specification into the claim. See also In re Morris, 127 F.3d 1048, 1054-55, 44 USPQ2d 
1023, 1027-28 (Fed. Cir. 1997) (The court held that the PTO is not required, in the course of prosecution, 
to interpret claims in applications in the same manner as a court would interpret claims in an infringement 
suit. Rather, the "PTO applies to verbiage of the proposed claims the broadest reasonable meaning of 
the words in their ordinary usage as they would be understood by one of ordinary skill in the art, taking 
into account whatever enlightenment by way of definition or otherwise that may be afforded by the written 
description contained in application's specification."). 

The broadest reasonable interpretation of the claims must also be consistent with the 
interpretation that those skilled in the art would reach. In re Cortright, 165 F.3d 1353, 1359, 49 USPQ2d 
1464, 1468 (Fed. Cir. 1999). 

For the above reasons, it is believed that the last Office Action was proper. 

CONTACT INFORMATION

Any inquiry concerning this communication or earlier communications from the examiner should
be directed to JEAN B. FLEURANTIN whose telephone number is 571-272-4035. The examiner can
normally be reached on 7:05 to 4:35.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
JOHN E BREENE can be reached on 571-272-4107. The fax phone number for the organization where
this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 




Jean Bolte Fleurantin
Patent Examiner
Technology Center 2100
October 12, 2006



